METHODS AND SYSTEMS TO PROVIDE PLATFORM EXTENSIONS FOR TRUSTED VIRTUAL MACHINES
Abstract
Methods and systems to authenticate a privileged virtual machine (VM), such as a monitoring VM, at a computing platform. Once authenticated, the privileged VM may access privileged resources, including data from the computing platform, via a VM manager or via defined instructions. Such data may include state information of other VMs. The state information may include performance counters of the other VMs. Such instructions may include ones that are not available to non-privileged VMs.
20 Claims
1. A method, comprising:
hosting a virtual machine (VM) on a computing platform, wherein the computing platform includes resources that are access protected with respect to processes hosted under control of a VM manager;
authenticating the VM at least in part with hardware based authentication logic;
determining a subset of the resources that the authenticated VM is permitted to access;
recording the authentication and the permitted access in a portion of memory that is access protected with respect to the processes hosted under control of the VM manager;
receiving a request from the VM to access a requested resource of the computing platform;
verifying, from the protected portion of memory, that the VM is authenticated and permitted to access the requested resource; and
providing the VM with access to the requested resource in accordance with the verifying;
wherein the authenticating, the determining, the recording, the receiving, the verifying, and the providing are performed independent of the VM manager.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer program product including a computer readable medium having computer program logic stored therein, the computer program logic including:
logic to cause a processor to host a virtual machine (VM) within a computing platform, wherein the computing platform includes resources that are access protected with respect to processes hosted under control of VM management logic, wherein the hosting logic includes:
authentication logic to cause the processor to authenticate the VM in conjunction with hardware based authentication logic;
logic to cause the processor to determine a subset of the resources that the authenticated VM is permitted to access;
record logic to cause the processor to record the authentication and the permitted access within a portion of memory that is access protected with respect to the processes hosted under control of the VM management logic;
logic to cause the processor to receive a request from the VM to access a requested resource;
verify logic to cause the processor to verify, from the access protected portion of memory, that the VM is authenticated and permitted to access the requested resource; and
access logic to cause the processor to provide the VM with access to the requested resource in accordance with results of the verify logic.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system, comprising:
a computing platform including a processor and hardware-based authentication logic; and
memory in communication with the processor to store instructions to control the processor to:
host a virtual machine (VM) on the computing platform, wherein the computing platform includes resources that are access protected with respect to processes hosted under control of a VM manager;
authenticate the VM under control of the hardware based authentication logic;
determine a subset of the resources that the authenticated VM is permitted to access;
record the authentication and the permitted access in a portion of memory that is access protected with respect to the processes hosted under control of the VM manager;
receive a request from the VM to access a requested resource;
verify, from the protected portion of memory, that the VM is authenticated and permitted to access the requested resource; and
provide the VM with access to the requested resource in accordance with the verification.
Dependent claims: 16, 17, 18, 19, 20.
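As an added illustration that is not part of the patent, the following Python models the flow of claim 1: hardware-side measurement authenticates the VM, the permitted subset of resources is recorded in a portion of memory the VM manager cannot write, and each access request is verified against that record alone, without consulting the VM manager. The policy table, the sample VM images, the `ProtectedRecord` class and all function names are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample VM images; a VM's measurement is the SHA-256 of its image.
MONITOR_VM_IMAGE = b"constructed monitor VM image v1"
GUEST_VM_IMAGE = b"constructed ordinary guest VM image"

# Policy held by the hardware authentication logic (assumption for this example):
# measurement -> subset of protected resources that VM may access.
POLICY = {
    hashlib.sha256(MONITOR_VM_IMAGE).hexdigest(): frozenset({"perf_counters", "vm_state"}),
}

@dataclass
class ProtectedRecord:
    """Models the access-protected portion of memory: only the hardware
    authentication logic may write it; the VM manager and its guests may not."""
    _entries: dict = field(default_factory=dict)

    def write(self, caller: str, vm_id: str, permitted: frozenset) -> None:
        if caller != "hardware":
            raise PermissionError(f"{caller} may not write the protected record")
        self._entries[vm_id] = permitted

    def lookup(self, vm_id: str):
        return self._entries.get(vm_id)

def authenticate_vm(record: ProtectedRecord, vm_id: str, image: bytes) -> bool:
    """Hardware-based authentication: measure the VM, determine the permitted
    subset for that measurement, and record both. An unknown measurement is
    rejected and nothing is recorded for it."""
    permitted = POLICY.get(hashlib.sha256(image).hexdigest())
    if permitted is None:
        return False
    record.write("hardware", vm_id, permitted)
    return True

def request_access(record: ProtectedRecord, vm_id: str, resource: str) -> tuple:
    """Verify from the protected record only (the VM manager is not consulted)
    and return (granted, reason)."""
    permitted = record.lookup(vm_id)
    if permitted is None:
        return (False, "VM not authenticated")
    if resource not in permitted:
        return (False, "resource not in permitted subset")
    return (True, "granted")

def vmm_write_blocked(record: ProtectedRecord, vm_id: str) -> bool:
    """A VM-manager-originated attempt to grant access must be refused."""
    try:
        record.write("vmm", vm_id, frozenset({"perf_counters"}))
    except PermissionError:
        return True
    return False
```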
Specification